A system and method for managing a network using a policy tree which includes a plurality of levels (e.g., two levels, five levels, etc.) is described. When the network receives a request to provide an action to a particular source, the network determines if the action is available as a function of at least one level of the plurality of levels. If the action is available, the network determines if the particular source is authorized to be provided with the action as a function of at least one rule of at least one further level of the plurality of levels. If the particular source is authorized, the network provides the action to the particular source.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A method comprising: providing a policy-tree in a database, said policy tree to be used to manage a network and comprising a plurality of levels; receiving a request for an action to be provided by the network to a particular source; determining whether the action is available as a function of at least one level of the plurality of levels; determining whether the particular source is authorized to be provided with the action as a function of at least one rule of at least one further level of the plurality of levels, the at least one further level comprising a third level generated as a function of the at least one rule, a fourth level generated as a function of at least one condition type of the at least one rule, the fourth level being linked to the third level, a fifth level generated as a function of at least one condition of the at least one condition type, the fifth level being linked to the fourth level, if the action is available; and providing the action to the particular source, if the particular source is authorized.
2. The method according to claim 1 , wherein the particular source comprises at least one of an arrangement, a device, a further network, a third-party user, and a user.
3. The method according to claim 1 , wherein the action comprises at least one of access to a physical resource and access to a logical resource.
4. The method according to claim 1 , wherein the at least one level comprises a first level and a second level, the first level being generated as a function of an action type, the action type being indicative of the action, the second level being generated as a function of the action, the second level being linked to the first level.
5. The method according to claim 1 , wherein the receiving a request for an action comprises: submitting the request for the action to be provided to the particular source by at least one of the particular source, the network and a third-party.
6. The method according to claim 5 , wherein the request is submitted upon detecting a predetermined parameter.
7. The method according to claim 1 , further comprising: determining data which are indicative of availability of the action, if the action is unavailable.
8. The method according to claim 1 , further comprising: determining a further action of the second level which is similar to the action according to a predetermined criteria, if the action is unavailable.
9. A method comprising: generating a first level of a policy tree in a database to be used to manage a network as a function of an action type, the action type being indicative of an action of the network; generating a second level of the policy tree in the database as a function of the action, the second level being linked to the first level and being indicative of an availability of the action; generating a third level of the policy tree in the database as a function of at least one rule of the network, the at least one rule allowing a determination of whether a particular source of the network is authorized to be provided with the action; generating a fourth level of the policy tree in the database as a function of at least one condition type of the at least one rule, the fourth level being linked to the third level; and generating a fifth level of the policy tree in the database as a function of at least one condition of the at least one condition type, the fifth level being linked to the fourth level.
10. The method according to claim 9 , further comprising: modifying the first level and the second level as a function of a predetermined parameter.
11. The method according to claim 9 , further comprising: modifying at least one of the third, fourth and fifth levels as a function of a further predetermined parameter.
12. The method according to claim 11 , wherein the further predetermined parameter comprises at least one of an addition of a further rule to the network, a removal of the at least one rule from the network, and a modification of the at least one rule.
13. The method according to claim 9 , further comprising: grouping actions of the second level into at least one group in a predetermined manner.
14. The method according to claim 9 , further comprising: grouping the at least one rule of the third level into at least one group in a predetermined manner.
15. The method according to claim 14 , wherein the at least one rule group corresponds to the at least one action.
16. The method according to claim 9 , further comprising: grouping the at least one condition of the fifth level into at least one group in a predetermined manner.
17. The method according to claim 9 , further comprising: updating the policy tree in real time.
18. The method according to claim 9 , further comprising: updating the policy tree according to a predetermined time schedule.
19. The method according to claim 9 , wherein the action comprises at least one of access to a logical entity and access to a physical entity.
20. The method according to claim 9 , wherein the action corresponds to the at least one rule.
21. The method according to claim 9 , wherein the at least one rule corresponds to the action.
22. The method according to claim 9 , wherein the action corresponds to a particular rule of the at least one rule, if a predetermined condition is satisfied.
23. A system comprising: an arrangement comprising a memory device and a processor, the memory device to store a policy tree to be used to manage a network, the policy tree comprising at least one level and at least one further level, the at least one level comprising at least one action of the network, the at least one further level comprising at least one rule, a third level being indicative of the at least one rule, a fourth level being indicative of at least one condition type of the at least one rule, the fourth level being linked to the third level, a fifth level being indicative of at least one condition of the at least one condition type, the fifth level being linked to the fourth level, the arrangement to receive a request for an action to be provided to a particular source, the processor to determine whether the action is available as a function of the at least one level, the processor to determine whether the particular source is authorized to be provided with the action as a function of the at least one rule, the at least one rule corresponding to the action, if the action is available, and the arrangement to provide the action to the particular source, if the particular source is authorized.
24. The system according to claim 23 , wherein the network comprises at least one of an internet, a local area network, a wide area network, a virtual network, and a wireless network.
25. The system according to claim 23 , wherein the particular source comprises at least one of a user and a computing device.
26. The system according to claim 23 , wherein the policy tree is updated in real time.
27. The system according to claim 23 , wherein the at least one level comprises a first level and a second level, the first level being indicative of an action type of the at least one action, the second level being indicative of the action, the second level being linked to the first level.
28. A system comprising: a source comprising at least one of a user and a computing device; a policy server to generate and store in a database at least one level of a policy tree as a function at least one action of the network and at least one further level of the policy tree as a function of at least one rule, the at least one rule corresponding to the at least one action, the policy tree to be used to manage a network; and the at least one further level comprising a third level being indicative of the at least one rule, a fourth level being indicative of at least one condition type of the at least one rule, the fourth level being linked to the third level, a fifth level being indicative of at least one condition of the at least one condition type, the fifth level being linked to the fourth level, a client server to receive a request for a particular action to be provided by the network to the source and to communicate the request to the policy server, the policy server to determine, using the at least one level, whether the particular action is available, the policy server to determine, using the at least one rule, if whether the source is authorized to be provided with the particular action, if the action is available, and the policy server to communicate such authorization to the client server that is capable of providing the particular action to the source, if the source is authorized.
29. A machine-readable storage medium having stored thereon a set of executable instructions for performing a method comprising: providing a policy tree in a database to be used to manage actions provided by a network the policy tree comprising a plurality of levels; receiving a request to provide an action by the network to a particular source, determining whether the action is available as a function of at least one level of the plurality of levels, determining whether the particular source is authorized to be provided with the action as a function of at least one rule of at least one further level of the plurality of levels, the at least one further level comprising a third level being indicative of the at least one rule, a fourth level being indicative of at least one condition type of the at least one rule, the fourth level being linked to the third level, a fifth level being indicative of at least one condition of the at least one condition type, the fifth level being linked to the fourth level, if the action is available, and providing the action to the particular source, if the particular source is authorized.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
July 30, 1999
July 29, 2003
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.